Tag Archive for: notifications

The Privacy Danger Lurking in Push Notifications


To send those notifications that awaken a device and appear on its screen without a user’s interaction, apps and smartphone operating system makers must store tokens that identify the device of the intended recipient. That system has created what US senator Ron Wyden has called a “digital post office” that can be queried by law enforcement to identify users of an app or communications platform. And while it has served as a powerful tool for criminal surveillance, privacy advocates warn that it could just as easily be turned against others such as activists or those seeking an abortion in states where that’s now illegal.

In many cases, tech firms don’t even demand a court order for the data: Apple, in fact, only demanded a subpoena for the data until December. That allowed federal agents and police to obtain the identifying information without the involvement of a judge until it changed its policy to demand a judicial order.

Europe’s sweeping Digital Markets Act comes into force next week and is forcing major “gatekeeper” tech companies to open up their services. Meta-owned WhatsApp is opening its encryption to interoperate with other messaging apps; Google is giving European users more control over their data; and Apple will allow third-party app stores and the sideloading of apps for the first time.

Apple’s proposed changes have proved controversial, but ahead of the March 7 implementation date the company has reiterated its belief that sideloading apps creates more security and privacy risks. It may be easier for apps on third-party app stores, the company says in a white paper, to contain malware or try to access people’s iPhone data. Apple says it is bringing in new checks to try to make sure apps are safe.

“These safeguards will help keep EU users’ iPhone experience as secure, privacy-protecting, and safe as possible—although not to the same degree as in the rest of the world,” the company claims. Apple also says it has heard from EU organizations, such as those in banking and defense, which say they are concerned about employees installing third-party apps on work devices.

WhatsApp scored a landmark legal win this week against the notorious mercenary hacking firm NSO…


Casino giant Caesars sends breach notifications to thousands • The Register


As more details emerge from September’s Las Vegas casino cyberattacks, Caesars Entertainment – the owner of Caesars Palace – has disclosed more than 41,000 Maine residents alone had their info stolen by a ransomware gang.

In a Friday filing with the US state’s Attorney General’s office, Caesars disclosed extortionists siphoned 41,397 Mainers’ data, and listed the total number of victims “TBD.”

The hotel, restaurant, and casino chain described the theft as follows:

The hotel chain’s loyalty program was pillaged and Caesars noted that the stolen personal data included names and driver’s license numbers and/or identification card numbers. According to the filing, the crooks didn’t access customers’ financial information nor payment details.

In an attached security breach notification letter [PDF], Caesars told customers that the entertainment conglomerate has “taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.”

These steps, we’d assume, include paying the ransom demand – which was reportedly negotiated at $15 million after an initial demand for $30 million.

“To ease any concern you may have, we are offering you complimentary identity theft protection services for two years through IDX, a data breach and recovery services expert,” the notification letter continued. 

“This identity protection service includes two years of credit and dark web monitoring to help detect any misuse of your information, as well as a $1,000,000 insurance reimbursement policy and fully managed identity restoration in the event that you fall victim to identity theft.”

The casino giant first confirmed the data theft in an SEC filing in September, but has yet to comment on the reported ransom paid to the ransomware crew. 

Caesars has not responded to multiple inquiries from The…


Security expert warns of device that can spam iPhones with popup notifications


Technology can be a wonderful thing. But, it can also be used for nefarious means. In a tweet, a security and infosec expert showcased the power of a small iPhone hacking device capable of spamming devices with different popup notifications.

The device is called the Flipper Zero. It essentially works by spoofing devices like Apple’s AirTags, AirPods Pro, and even new contacts. This effectively launches a DDoS notification attack on any iOS device in the area, rendering it nonfunctional.

This particular iPhone hacking device has apparently been used as part of an ongoing “prank” against iPhone users, and Techryptic, the infosec expert behind the new warnings, has called for Apple to consider implementing safeguards to mitigate the risks.

“What’s the purpose of posting this?” Techryptic’s tweet begins, “It has the capability to effectively launch a DDOS notification attack on any iOS device, rendering it nonfunctional. Even if the device is in airplane mode, it’s still susceptible. Apple should consider implementing safeguards to mitigate.”

Techryptic also included several videos of the device in action on Twitter, and it’s clear how easily something like this could be abused. And, since it sends these notifications even when the device is in airplane mode, there doesn’t appear to be any way to stop it until you move away from the iPhone hacking device, or the person with the device stops it.

Obviously, it is very easy to see why something like this could be considered nefarious. While it might not necessarily steal your information, it leads to other issues – most notably, hindering your ability to use the product. Considering the legal ramifications behind initiating a DDoS attack, this isn’t something to play around with.

Hopefully, we see Apple address this issue in the future. A new security measure to stop something like this from happening would be ideal in a future OS update, such as iOS 17.

Security camera notifications are laggy, but Blink has a solution


A head-on shot of the Blink Outdoor camera

Roger Fingas / Android Authority

Recently, I had the opportunity to review the Blink Outdoor, one of Amazon’s many smart security cameras. Without spoiling the rest of my thoughts, a standout feature was the “early notification” option found in the Blink app. This triggers alerts the instant motion is detected, at least within your sensitivity settings. The technology is so quick that if you’ve got a steady connection and you’re already looking at your phone, you can often catch seconds-long events while they’re still in progress.

This contrasts with most security cameras — whether from Ring, Nest, or others — which often take a few seconds to deliver a notification, much less open a livestream. The gap may be small, but it can mean all the difference in situations where it’s important to act fast, such as scaring away a thief or catching an accident before it happens. Security cameras are most valuable when they deter problems rather than just provide a record of them.

Hair-trigger notifications are not only rarer than they should be, but strangely undersold by Amazon/Blink. There’s no mention of early notifications in the company’s marketing, and even within the app, the option is labeled “beta.” How is this technology not the norm in smart security?

The issues holding notification speed back

Admittedly, there’s at least one obvious risk with faster notifications: battery drain. Frequent, rapid-fire alerts can burn through the batteries many cameras rely on. In a worst-case scenario, some people might gripe about having to recharge or replace their batteries every few months, leading to bad reviews, and/or customers drifting away to different camera brands. As much as people want speed, they sometimes crave convenience more.

The Blink Outdoor is somewhat “cheating” in that while the camera itself uses two AA batteries, it broadcasts to a hub plugged into an indoor AC outlet — many cameras use built-in Wi-Fi or 4G to communicate to the cloud, both of which are inherently more power-hungry. Still, if those AA…
